Verizon’s 2025 Data Breach Investigations Report (DBIR) puts a spotlight on the third-party risk security teams face every day. As the report puts it:
“For this year, we found third-party involvement of some sort in 30% of all breaches we analyzed, up from roughly 15% last year.”
— Verizon 2025 Data Breach Investigations Report
That’s double the rate from last year. It’s a clear sign that third-party risk is moving from the sidelines to the center of cybersecurity strategy.
At Vorlon, we saw this shift coming. For years, we’ve focused on the everyday realities of SaaS integrations, API tokens, and vendor connections that most security teams can’t easily track or control. Vorlon’s SaaS ecosystem security platform was built to help organizations manage the real risks that now show up in the DBIR’s numbers.
We give you the visibility and control to respond quickly and with confidence. That’s how you stay ahead of the third-party problem, no matter what the statistics say.
The “third-party problem” goes far deeper than vendor selection or onboarding questionnaires. Today, every organization runs on a complex SaaS ecosystem—CRM, billing, HR, DevOps, marketing, analytics, and more—all interconnected, all exchanging sensitive data, often automatically.
The DBIR puts it plainly:
“On the more hands-off side of third-party relationships, we find a proliferation of specialized software as a service (SaaS) providers supporting specific industries and automating some of their critical processes. And although those can be beneficial from a cost-reduction and business efficiency analysis, they bring the Venn diagram overlap of cybersecurity risk and operational risk uncomfortably close to a single circle.”
— Verizon 2025 Data Breach Investigations Report
These suppliers are operational lifelines. A single over-permissioned OAuth token, a dormant API key in a public repo, or an outdated integration can quietly expand your attack surface in ways traditional security tools weren’t designed to see.
Legacy approaches like SaaS Security Posture Management (SSPM), Third-Party Risk Management (TPRM), and even SIEMs can help with configuration and policy, but they struggle with the dynamic, fast-moving nature of SaaS ecosystems. Here’s why:
As the DBIR notes, “third parties not only act as custodians to customers’ data, but they also underpin critical parts of organizations’ operations.” The overlap of cybersecurity risk and operational risk has never been tighter.
These trends aren’t hypothetical. At Vorlon, we’ve analyzed multiple third-party incidents in the past year that mirror the DBIR’s findings:
Each of these attacks started as a “trusted” connection, integration, or credential—until it wasn’t.
The DBIR also highlights a quietly alarming stat:
“The median time to remediate discovered leaked secrets on a GitHub repository is 94 days.”
— Verizon 2025 DBIR
Three months is a long time for a credential to remain exposed, especially when that secret might provide access to production databases, customer records, or critical infrastructure. The DBIR found:
These are real-world entry points often missed by traditional controls.
The DBIR is legendary for its rigor and reach, but even it acknowledges what’s missing: “managing credentials will likely be harder in an environment you don’t control.” That’s the SaaS ecosystem today—sprawling, fast-changing, and full of invisible, machine-to-machine interactions.
Vorlon’s DataMatrix™ technology was built for this challenge. We create a live, algorithmic model of your SaaS ecosystem by:
As more breaches start with a legitimate vendor, integration, or token rather than a direct attack, you need to know what’s happening across your SaaS ecosystem in real time. That’s where Vorlon makes the difference: We help you spot risky third-party activity, so you can act with confidence, no matter how the threat evolves.
This year’s DBIR makes it clear that third-party risk is now a core theme for organizations of every size and sector:
“Possibly the most obvious and noteworthy among them is the role that third-party relationships play in how and why breaches occur.”
— Verizon 2025 Data Breach Investigations Report
As third-party breach incidents increase, the most dangerous risks are the ones that don’t fit neatly into a log file, a vendor questionnaire, or a compliance checkbox.
That’s why Vorlon exists: to give you the context, clarity, and confidence to protect your SaaS ecosystem as it really operates.
If your third-party risk program ends at onboarding, it’s time to upgrade.
If your visibility ends at your firewall, it’s time to expand your view.
Ready to see your SaaS ecosystem as it really is?
Amir Khayat is the CEO and co-founder of Vorlon. Amir has over 17 years of cybersecurity experience, including software development and GTM roles. Amir served in the Israeli Defense Forces as a commander and combat soldier at the Paratrooper’s Elite Operations Unit. He graduated from Reichman University, Herzliya, Israel (IDC) with a BA in Computer Science, and he holds an MBA from the Hebrew University of Jerusalem. Amir lives in the Bay Area with his wife and three children.